Documentation
¶
Index ¶
- Constants
- func AddUserToContext(ctx context.Context, clam *UserClaims) context.Context
- func AssignPermissionsToRoles(permission string, roles ...string)
- func GetOrInitRole(role string)
- func GetPermissionVersion() int32
- func GetPermissionsForRole(role string) ([]string, bool)
- func GetSimplePermission(category, resource, action interface{}) string
- func GetSimplePermissions(category, resource interface{}, action ...interface{}) []string
- func IncreasePermissionVersion()
- func MustGetRole(role string)
- func NeedRefreshPermission(ver int32) bool
- func RegisterPermissionsToRole(role string, permissions ...string)
- func UpdatePermissionVersion(i int32)
- type AccessToken
- type Action
- type PermissionID
- func GetOrInitPermission(category, resource string, action string) PermissionID
- func GetOrInitPermissionKey(key string) PermissionID
- func GetOrInitPermissionKeys(keys ...string) []PermissionID
- func MustRegisterPermissionByKey(key string) PermissionID
- func MustRegisterPermissionByKeys(key []string) []PermissionID
- type PermissionRegistry
- type Preferences
- type RoleRegistry
- type SessionUser
- type UserAssignedPermission
- type UserClaims
- type UserExternalProfile
- type UserRole
- type UserUniversalProfile
Constants ¶
const RoleAdmin = "admin"
const RoleReadOnly = "readonly"
Variables ¶
This section is empty.
Functions ¶
func AddUserToContext ¶
func AddUserToContext(ctx context.Context, clam *UserClaims) context.Context
func GetOrInitRole ¶
func GetOrInitRole(role string)
GetOrInitRole ensures a role exists; if not, it initializes it
func GetPermissionVersion ¶
func GetPermissionVersion() int32
func GetPermissionsForRole ¶
GetPermissionsForRole retrieves permissions assigned to a role
func GetSimplePermission ¶
func GetSimplePermission(category, resource, action interface{}) string
func GetSimplePermissions ¶
func GetSimplePermissions(category, resource interface{}, action ...interface{}) []string
func IncreasePermissionVersion ¶
func IncreasePermissionVersion()
func MustGetRole ¶
func MustGetRole(role string)
MustGetRole ensures a role exists, panics if not registered
func NeedRefreshPermission ¶
func RegisterPermissionsToRole ¶
RegisterPermissionsToRole assigns permissions to a role
func UpdatePermissionVersion ¶
func UpdatePermissionVersion(i int32)
Types ¶
type AccessToken ¶
// AccessToken describes an issued access token: its owner (UserID, Login,
// Provider), what it carries (Roles, Permissions) and the token value itself.
// It embeds orm.ORMObjectBase, so it is presumably persisted through the ORM.
//
// NOTE(review): the AccessToken field has the json tag "access_token", so
// marshaling this struct emits the token value. This page does not show
// whether that value is a hash or the usable secret, or whether it is redacted
// before the object is returned or logged — confirm.
type AccessToken struct {
// Embedded ORM base object; its fields are defined in package orm, not here.
orm.ORMObjectBase
// Display name of the token.
Name string `json:"name"`
// Owner of the token.
UserID string `json:"userid"`
// The token value; serialized as "access_token" (see the note on the type).
AccessToken string `json:"access_token"`
// Provider and Login presumably identify the auth provider and the account
// at that provider — inferred from the names, confirm.
Provider string `json:"provider"`
Login string `json:"login"`
// Kind of token; the accepted values are not listed on this page.
Type string `json:"type"`
// Role names and permission keys attached to the token.
// NOTE(review): whether these are re-checked against the owner's current
// roles when the token is used is not visible here — confirm.
Roles []string `json:"roles"`
Permissions []string `json:"permissions"`
// Expiry of the token. NOTE(review): the unit (a lifetime in seconds or an
// absolute timestamp) is not stated — confirm before comparing against time.
ExpireIn int64 `json:"expire_in"`
}
type Action ¶
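// Action is a permission action.
type Action string

// Permission actions. The const block is laid out one declaration per line;
// collapsed onto a single line, the first "//" comment swallows every
// declaration after it.
const (
	// None is for empty action.
	None Action = "none"
	// Create is for create action.
	Create Action = "create"
	// Read is for read action.
	Read Action = "read"
	// Update is for update action.
	Update Action = "update"
	// Delete is for delete action.
	Delete Action = "delete"
	// Search is for search action.
	Search Action = "search"
	// CRUD is an alias for create+read+update+delete permissions.
	// Its value is the literal "crud"; the code that expands the alias into
	// the four actions is not shown here.
	CRUD Action = "crud"
	// Admin is the "admin" action.
	// NOTE(review): the original gives it no description; whether it implies
	// CRUD and Search or is a separate grant is not visible here — confirm
	// before assigning it to a role.
	Admin Action = "admin"
)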
type PermissionID ¶
// PermissionID is the numeric (uint32) identifier of a permission, as returned
// by the GetOrInitPermission* and MustRegisterPermissionByKey* functions.
// NOTE(review): presumably these IDs are the positions set in the roaring
// bitmaps of UserAssignedPermission. If they are assigned in registration
// order they are not stable across processes or releases, so any bitmap that
// is persisted or embedded in a token depends on the permission-version check
// — confirm.
type PermissionID uint32
func GetOrInitPermission ¶
func GetOrInitPermission(category, resource string, action string) PermissionID
func GetOrInitPermissionKey ¶
func GetOrInitPermissionKey(key string) PermissionID
func GetOrInitPermissionKeys ¶
func GetOrInitPermissionKeys(keys ...string) []PermissionID
func MustRegisterPermissionByKey ¶
func MustRegisterPermissionByKey(key string) PermissionID
func MustRegisterPermissionByKeys ¶
func MustRegisterPermissionByKeys(key []string) []PermissionID
type PermissionRegistry ¶
// PermissionRegistry resolves a permission key, or a category/resource/action
// triple, to a PermissionID (see GetOrInitPermissionIDByKey,
// MustGetPermissionID and MustGetPermissionIDByKey).
// NOTE(review): the GetOrInit* variant presumably creates an ID for a key it
// has not seen, so a misspelled key yields a new permission rather than an
// error; the Must* variants presumably panic instead — confirm.
type PermissionRegistry struct {
// contains filtered or unexported fields
}
func NewPermissionRegistry ¶
func NewPermissionRegistry() *PermissionRegistry
func (*PermissionRegistry) GetOrInitPermissionIDByKey ¶
func (pr *PermissionRegistry) GetOrInitPermissionIDByKey(key string) PermissionID
func (*PermissionRegistry) MustGetPermissionID ¶
func (pr *PermissionRegistry) MustGetPermissionID(category, resource string, action string) PermissionID
func (*PermissionRegistry) MustGetPermissionIDByKey ¶
func (pr *PermissionRegistry) MustGetPermissionIDByKey(key string) PermissionID
type Preferences ¶
type RoleRegistry ¶
// RoleRegistry holds the known roles and the permission keys registered for
// each (GetPermissionsForRole returns them as []string).
// NOTE(review): GetOrInitRole is documented as initializing a missing role,
// so an unknown or misspelled role name is created rather than rejected;
// MustGetRole is the variant documented to panic when the role is not found.
type RoleRegistry struct {
// contains filtered or unexported fields
}
RoleRegistry manages roles and their associated permissions
func NewRoleRegistry ¶
func NewRoleRegistry() *RoleRegistry
NewRoleRegistry creates a new role registry
func (*RoleRegistry) GetOrInitRole ¶
func (rr *RoleRegistry) GetOrInitRole(role string)
GetOrInitRole ensures a role exists, initializing it if necessary
func (*RoleRegistry) GetPermissionsForRole ¶
func (rr *RoleRegistry) GetPermissionsForRole(role string) ([]string, bool)
GetPermissionsForRole retrieves permissions assigned to a role
func (*RoleRegistry) MustGetRole ¶
func (rr *RoleRegistry) MustGetRole(role string)
MustGetRole ensures a role exists; panics if not found
func (*RoleRegistry) RegisterPermissionsForRole ¶
func (rr *RoleRegistry) RegisterPermissionsForRole(role string, permissions []string)
RegisterPermissionsForRole associates permissions with a role
type SessionUser ¶
// SessionUser is the authenticated user of a request; UserFromContext returns
// it from a context.Context.
type SessionUser struct {
// Auth provider the user signed in through — inferred from the name, confirm.
Provider string `json:"provider"`
Username string `json:"username"`
UserId string `json:"user_id"`
// Role names held by the user.
Roles []string `json:"roles"`
// Free-form key/value labels (util.MapStr); the contents are not constrained here.
Labels util.MapStr `json:"labels"`
// Embedded pointer with no json tag: its exported fields and its methods
// (Validate, ValidateFor, NeedRefresh, Dump) are promoted onto SessionUser.
// NOTE(review): the pointer is nil until permissions are attached, and the
// promoted methods are then called on a nil receiver — confirm they deny
// rather than panic or allow in that state.
*UserAssignedPermission
}
func UserFromContext ¶
func UserFromContext(ctx context.Context) (*SessionUser, error)
type UserAssignedPermission ¶
// UserAssignedPermission holds a user's permissions as two roaring bitmaps
// (allowed and denied) together with a permission version number.
// NOTE(review): precedence between the two bitmaps is not stated in the source;
// presumably DeniedPermissions overrides AllowedPermissions in Validate and
// ValidateFor — confirm, and confirm that nil bitmaps evaluate to "no
// permission".
type UserAssignedPermission struct {
// Presumably the value of GetPermissionVersion() when the bitmaps were built,
// which NeedRefresh compares against to detect stale permissions — confirm.
PermissionVersion int32
AllowedPermissions *roaring.Bitmap // Allowed merged bitmap from roles + direct permits
DeniedPermissions *roaring.Bitmap // Explicit deny bitmap for the user
}
UserAssignedPermission represents role and direct permissions for a user in a tenant
func NewUserAssignedPermission ¶
func NewUserAssignedPermission(allowed []string, denied []string) *UserAssignedPermission
func (*UserAssignedPermission) Dump ¶
func (p *UserAssignedPermission) Dump()
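Note: the doc comment attached to Dump reads "HasPermission checks if the user has a specific permission for a tenant". It names a different method and does not describe what Dump does; the permission-checking methods listed on this page are Validate and ValidateFor.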
func (*UserAssignedPermission) NeedRefresh ¶
func (p *UserAssignedPermission) NeedRefresh() bool
func (*UserAssignedPermission) Validate ¶
func (p *UserAssignedPermission) Validate(permIDs []PermissionID) bool
func (*UserAssignedPermission) ValidateFor ¶
func (p *UserAssignedPermission) ValidateFor(permID PermissionID) bool
type UserClaims ¶
// UserClaims is the JWT claim set: the registered claims plus the SessionUser.
// NOTE(review): both are embedded without json tags, so when marshaled with
// encoding/json their exported fields are flattened into the token payload —
// roles, labels and, when set, the fields of UserAssignedPermission. A signed
// token's payload is readable by whoever holds the token, so nothing
// confidential belongs in Labels.
type UserClaims struct {
// Both embeds are pointers; either may be nil on a zero or partially decoded
// value, so check before dereferencing.
*jwt.RegisteredClaims
*SessionUser
}
type UserExternalProfile ¶
// UserExternalProfile records a user's account at an external auth provider:
// the local UserID, the provider name and the login at that provider
// (inferred from field names and tags — confirm). It embeds
// orm.ORMObjectBase and carries elastic_mapping tags, so it is presumably
// stored in a search index.
type UserExternalProfile struct {
orm.ORMObjectBase
UserID string `json:"user_id" elastic_mapping:"user_id: { type: keyword }"`
// Serialized as "provider", not "auth_provider".
AuthProvider string `json:"provider" elastic_mapping:"provider: { type: keyword }"`
Login string `json:"login" elastic_mapping:"login: { type: keyword }"`
// Untyped data mapped as an object.
// NOTE(review): presumably whatever the provider returned is stored as-is;
// confirm that provider tokens are not kept here and that the number of
// fields it can introduce into the mapping is bounded.
Payload interface{} `json:"payload" elastic_mapping:"payload: { type: object }"`
}
type UserUniversalProfile ¶
// UserUniversalProfile is the user's profile record: contact details, roles
// and preferences. It embeds orm.ORMObjectBase and carries elastic_mapping
// tags, so it is presumably stored in a search index.
type UserUniversalProfile struct {
orm.ORMObjectBase
Name string `json:"name" elastic_mapping:"name: { type: keyword }"`
// Email and Phone are personal data mapped as keyword fields, i.e. stored
// for exact-match lookup; access to this index should be scoped accordingly.
Email string `json:"email" elastic_mapping:"email: { type: keyword }"`
Phone string `json:"phone" elastic_mapping:"phone: { type: keyword }"`
// Serialized as "avatar".
AvatarUrl string `json:"avatar" elastic_mapping:"avatar: { type: keyword }"`
// UserRole is listed in the page index but its definition is not shown here.
Roles []UserRole `json:"roles" elastic_mapping:"roles: { type: object }"`
Preferences Preferences `json:"preferences" elastic_mapping:"preferences: { type: object }"`
// Untyped data; the mapping sets enabled: false, which in Elasticsearch
// mapping terms keeps the value in the stored document without indexing it.
Payload interface{} `json:"payload" elastic_mapping:"payload: { enabled: false }"`
}